Create Communication Task Authentication - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Configure user authentication for a communication task.

When sending a form in a communication task, you can configure user authentication to ensure only authorized users gain access to the form.

The authorized users are usually external users not in Cortex XSIAM, and they will not be able to access anything else in Cortex XSIAM

Set up playbook communication task authentication
  1. Define in your IdP (for example, Okta) a dedicated group of external users who you want to authenticate.

  2. Select SettingsConfigurationsAccess ManagementAuthentication Settings.

  3. In the Communication Task Authentication tab, toggle to Enable Communication task SSO Connection. Set the following parameters using your organization’s IdP.

    • General

      Parameter

      Description

      Single Sign-on URL

      Indicates your SSO URL, which is a fixed, read-only value based on your tenant's URL using the format https://<name of Cortex-XSIAM>.paloaltonetworks.com/idp/saml. For example, https://tenant1.xsoar.paloaltonetworks.com/idp/saml

      You need this value when configuring your IdP.

      Audience URI (SP Entity ID)

      Indicates your Service Provider Entity ID, also known as the ACS URL. It is a fixed, read-only value using the format, https://<name of Cortex-XSIAM>.xdr.<region>.paloaltonetworks.com. For example https://tenant1.xdr.us.paloaltonetworks.com.

      You need this value when configuring your organization’s IdP.

      IdP SSO URL

      Specify your organization’s SSO URL, which is copied from your organization’s IdP.

      IdP Issuer ID

      Specify your organization’s IdP Issuer ID, which is copied from your organization’s IdP.

      X.509 Certificate

      Specify your X.509 digital certificate, which is copied from your organization’s IdP.

    • IdP Attribute Mappings

      These IdP attribute mappings are dependent on your organization’s IdP.

      Parameter

      Description

      Email

      Specify the email mapping according to your organization’s IdP.

      First Name

      Specify the first name mapping according to your organization’s IdP.

      Last Name

      Specify the last name mapping according to your organization’s IdP.

    • Advanced Settings (Optional)

      The following advanced settings are optional to configure and some are specific for a particular IdP.

      Parameter

      Description

      Relay State

      (Optional) Specify the URL for a specific page that you want users to be directed to after they’ve been authenticated by your organization’s IdP and log in to Cortex XSIAM.

      IdP Single Logout URL

      (Optional) Specify your IdP single logout URL provided from your organization’s IdP to ensure that when a user initiates a logout from Cortex XSIAM, the identity provider logs the user out of all applications in the current identity provider login session.

      SP Logout URL

      (Optional) Indicates the Service Provider logout URL that you need to provide when configuring single logout from your organization’s IdP to ensure that when a user initiates a logout from Cortex XSIAM, the identity provider logs the user out of all applications in the current identity provider login session. This field is read-only and uses the following format https://<name of Cortex-XSIAM>.xdr.<region>paloaltonetworks.com/idp/logout, such as https://tenant1.xdr.us.paloaltonetworks.com/idp/logout.

      Service Provider Public Certificate

      (Optional) Specify your organization’s IdP service provider public certificate.

      Service Provider Private Key (Pem Format)

      (Optional) Specify your organization’s IdP service provider private key in Pem Format.

      ADFS

      (Optional) Select this checkbox when you are configuring Microsoft ADFS services.

      Passwordless Authentication MFA

      (Optional) Requires non-password credentials for SSO authentication. If selected, this option requires users to choose intrinsically safer authentication factors such as biometric authentication to access Cortex XSIAM.

      Force Authentication

      (Optional) Requires users to reauthenticate to access the Cortex XSIAM tenant, even if they already authenticated to access other applications.

  4. In the Task details of your playbook communication task, check Require users to authenticate to have your SAML or AD authenticate the recipient before allowing them access to the form.

    playbook-comm-task-authenticate-2.png